Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/4cae10-37a5-40ef-89d5-5701d01c1e87/1/F0uPnTb3L88gYbHxrWFTp4NIxZQ.roa
File:                     F0uPnTb3L88gYbHxrWFTp4NIxZQ.roa (raw, json)
Hash identifier:          L1cToIvOfmOKw1wl7avLVLaUZwHNXdkmlLKW7CJ2NyQ=
Subject key identifier:   17:4B:8F:9D:36:F7:2F:CF:20:61:B1:F1:AD:61:53:A7:83:48:C5:94
Certificate issuer:       /CN=9f5ff3de10a31bbf5701c0bdb26c6508017da2ca
Certificate serial:       018225EF1AA67498B95517C66AEF2502AA70
Authority key identifier: 9F:5F:F3:DE:10:A3:1B:BF:57:01:C0:BD:B2:6C:65:08:01:7D:A2:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n1_z3hCjG79XAcC9smxlCAF9oso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/4cae10-37a5-40ef-89d5-5701d01c1e87/1/F0uPnTb3L88gYbHxrWFTp4NIxZQ.roa
Signing time:             Fri 22 Jul 2022 12:43:23 +0000
ROA not before:           Fri 22 Jul 2022 12:43:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39431
IP address blocks:        176.108.108.0/24 maxlen: 24
                          176.108.109.0/24 maxlen: 24
                          176.108.106.0/23 maxlen: 24
                          176.108.106.0/24 maxlen: 24
                          176.108.112.0/22 maxlen: 24
                          176.108.112.0/24 maxlen: 24
                          176.108.116.0/22 maxlen: 22
                          176.108.118.0/24 maxlen: 24
                          176.108.120.0/22 maxlen: 24
                          176.108.119.0/24 maxlen: 24
                          193.93.17.0/24 maxlen: 24
                          193.93.16.0/24 maxlen: 24
                          193.93.16.0/23 maxlen: 24
                          193.93.16.0/22 maxlen: 24
                          193.93.19.0/24 maxlen: 24
                          193.93.18.0/24 maxlen: 24
                          193.93.18.0/23 maxlen: 24
                          176.108.103.0/24 maxlen: 24
                          176.108.102.0/24 maxlen: 24
                          176.108.104.0/24 maxlen: 24
                          2001:678:468::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:25:ef:1a:a6:74:98:b9:55:17:c6:6a:ef:25:02:aa:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f5ff3de10a31bbf5701c0bdb26c6508017da2ca
        Validity
            Not Before: Jul 22 12:43:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=174b8f9d36f72fcf2061b1f1ad6153a78348c594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2d:e2:e5:8c:b5:30:c1:8e:a6:cf:61:01:2b:
                    28:c9:39:2a:b2:8f:9a:3a:26:a4:65:6d:0b:1d:35:
                    d6:be:d1:bf:4d:49:0f:f7:e4:e5:13:6b:85:f3:77:
                    f4:10:58:e6:ab:10:cc:ad:6c:1f:72:f2:44:40:e4:
                    74:04:c3:be:17:6c:4a:9d:e0:2d:05:3b:93:05:b6:
                    59:01:ac:ff:16:1c:70:ef:b2:98:91:48:74:71:af:
                    64:33:22:1f:bd:93:f5:45:11:3d:a2:ac:d7:ee:a4:
                    8e:9a:ac:68:45:80:3b:01:ba:71:30:f5:08:3b:f1:
                    03:96:94:05:dc:03:82:53:0e:90:9f:31:11:b7:bf:
                    41:91:a4:3f:7e:36:bd:9c:bf:92:0a:9a:b9:92:bb:
                    04:c3:bc:b7:9a:51:e8:e5:21:6d:12:27:69:00:0c:
                    89:49:84:34:14:ce:b2:37:d9:92:fc:bd:4d:66:47:
                    c1:68:8b:62:30:e0:ef:25:af:12:3b:6e:14:87:5c:
                    90:85:00:ae:bb:f4:8b:7f:1e:6b:0b:a0:d8:3a:f8:
                    a3:60:0e:dc:72:ca:e8:fb:b7:f6:1f:14:ca:a5:20:
                    b4:d9:45:1e:f2:f0:97:fd:41:f9:e4:69:ce:2e:78:
                    5b:55:9c:24:6c:26:c6:62:ab:01:bf:0b:c1:a9:20:
                    34:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4B:8F:9D:36:F7:2F:CF:20:61:B1:F1:AD:61:53:A7:83:48:C5:94
            X509v3 Authority Key Identifier:
                keyid:9F:5F:F3:DE:10:A3:1B:BF:57:01:C0:BD:B2:6C:65:08:01:7D:A2:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n1_z3hCjG79XAcC9smxlCAF9oso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/4cae10-37a5-40ef-89d5-5701d01c1e87/1/F0uPnTb3L88gYbHxrWFTp4NIxZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/4cae10-37a5-40ef-89d5-5701d01c1e87/1/n1_z3hCjG79XAcC9smxlCAF9oso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.108.102.0-176.108.104.255
                  176.108.106.0-176.108.109.255
                  176.108.112.0-176.108.123.255
                  193.93.16.0/22
                IPv6:
                  2001:678:468::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:1f:20:fc:4a:ce:73:e7:36:d5:fe:d5:b8:5d:ca:cf:21:23:
         db:11:20:d9:be:87:2f:f7:07:0a:87:38:74:78:ed:cf:2b:f5:
         bb:52:b6:1b:49:33:1c:7d:1a:09:90:8b:1d:89:fd:56:74:11:
         61:ec:ca:7f:ca:54:76:83:10:14:55:c7:bc:0a:fd:a4:d5:f1:
         e1:bc:de:fd:fc:fc:91:12:8d:f6:4c:ed:bb:0a:51:7a:0b:be:
         2c:c8:9f:e1:92:48:05:73:63:2b:f0:fd:b3:fc:29:e8:7a:bf:
         92:5b:d8:3d:e5:f8:01:c3:25:9d:69:f2:eb:1a:0c:bb:97:2b:
         b3:32:c5:8f:cd:a9:eb:84:70:17:86:af:29:d5:bd:45:c6:1f:
         38:d9:7d:b0:20:46:94:76:f2:81:20:d8:93:ce:e6:95:7b:60:
         2b:19:7f:97:b2:7d:d6:5a:54:d0:ba:61:c7:5c:af:6c:8a:3e:
         a1:de:86:fe:11:2c:50:ad:22:36:1a:a3:7d:8a:9b:8a:1b:84:
         c7:d4:0a:00:fc:2a:cf:c3:a5:30:1a:9c:24:89:ab:71:a0:de:
         79:11:4e:38:d6:49:49:c5:c9:90:74:5e:f9:55:5c:07:11:92:
         d6:af:f9:8c:0a:7d:f8:96:5f:fc:b4:a0:1b:47:fa:3f:26:4f:
         b5:eb:fb:c0
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYIl7xqmdJi5VRfGau8lAqpwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNWZmM2RlMTBhMzFiYmY1NzAxYzBiZGIyNmM2NTA4MDE3
ZGEyY2EwHhcNMjIwNzIyMTI0MzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzRiOGY5ZDM2ZjcyZmNmMjA2MWIxZjFhZDYxNTNhNzgzNDhjNTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmi3i5Yy1MMGOps9hASsoyTkqso+a
OiakZW0LHTXWvtG/TUkP9+TlE2uF83f0EFjmqxDMrWwfcvJEQOR0BMO+F2xKneAt
BTuTBbZZAaz/Fhxw77KYkUh0ca9kMyIfvZP1RRE9oqzX7qSOmqxoRYA7AbpxMPUI
O/EDlpQF3AOCUw6QnzERt79BkaQ/fja9nL+SCpq5krsEw7y3mlHo5SFtEidpAAyJ
SYQ0FM6yN9mS/L1NZkfBaItiMODvJa8SO24Uh1yQhQCuu/SLfx5rC6DYOvijYA7c
csro+7f2HxTKpSC02UUe8vCX/UH55GnOLnhbVZwkbCbGYqsBvwvBqSA0qwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFBdLj5029y/PIGGx8a1hU6eDSMWUMB8GA1UdIwQY
MBaAFJ9f894Qoxu/VwHAvbJsZQgBfaLKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjFfejNoQ2pHNzlYQWNDOXNteGxDQUY5b3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi80Y2FlMTAtMzdhNS00MGVmLTg5ZDUt
NTcwMWQwMWMxZTg3LzEvRjB1UG5UYjNMODhnWWJIeHJXRlRwNE5JeFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi80Y2FlMTAtMzdhNS00MGVmLTg5ZDUtNTcwMWQwMWMxZTg3
LzEvbjFfejNoQ2pHNzlYQWNDOXNteGxDQUY5b3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA2BAIAATAwMAwDBAGwbGYD
BACwbGgwDAMEAbBsagMEAbBsbDAMAwQEsGxwAwQCsGx4AwQCwV0QMA8EAgACMAkD
BwAgAQZ4BGgwDQYJKoZIhvcNAQELBQADggEBACgfIPxKznPnNtX+1bhdys8hI9sR
INm+hy/3BwqHOHR47c8r9btSthtJMxx9GgmQix2J/VZ0EWHsyn/KVHaDEBRVx7wK
/aTV8eG83v38/JESjfZM7bsKUXoLvizIn+GSSAVzYyvw/bP8Keh6v5Jb2D3l+AHD
JZ1p8usaDLuXK7MyxY/NqeuEcBeGrynVvUXGHzjZfbAgRpR28oEg2JPO5pV7YCsZ
f5eyfdZaVNC6Ycdcr2yKPqHehv4RLFCtIjYao32Km4obhMfUCgD8Ks/DpTAanCSJ
q3Gg3nkRTjjWSUnFyZB0XvlVXAcRktav+YwKffiWX/y0oBtH+j8mT7Xr+8A=
-----END CERTIFICATE-----